fix: Better Error Handling of Intrinsics (#1896)

awood45 · web-flow · commit 5e2e61bc459d · 2021-01-25T13:46:21.000-08:00
* Better Error Handling of Intrinsics

In HTTP API authorizers, we don't yet handle intrinsics, and an attempt
to use them creates a crash when it tries to hash the input `dict`. This
change starts by wrapping that use case properly so that a helpful error
is raised until intrinsics are supported here.

Note: Does not yet handle `!Sub`, looking at options for that.

* Add "NoValue" Test Case

Should not raise, making that explicit.
diff --git a/samtranslator/model/api/http_api_generator.py b/samtranslator/model/api/http_api_generator.py
@@ -14,7 +14,7 @@
 from samtranslator.open_api.open_api import OpenApiEditor
 from samtranslator.translator import logical_id_generator
 from samtranslator.model.tags.resource_tagging import get_tag_list
-from samtranslator.model.intrinsics import is_intrinsic
+from samtranslator.model.intrinsics import is_intrinsic, is_intrinsic_no_value
 from samtranslator.model.route53 import Route53RecordSetGroup
 
 _CORS_WILDCARD = "*"
@@ -467,6 +467,15 @@ def _set_default_authorizer(self, open_api_editor, authorizers, default_authoriz
         if not default_authorizer:
             return
 
+        if is_intrinsic_no_value(default_authorizer):
+            return
+
+        if is_intrinsic(default_authorizer):
+            raise InvalidResourceException(
+                self.logical_id,
+                "Unable to set DefaultAuthorizer because intrinsic functions are not supported for this field.",
+            )
+
         if not authorizers.get(default_authorizer):
             raise InvalidResourceException(
                 self.logical_id,
diff --git a/tests/model/api/test_http_api_generator.py b/tests/model/api/test_http_api_generator.py
@@ -69,6 +69,19 @@ def test_auth_missing_default_auth(self):
         with pytest.raises(InvalidResourceException):
             HttpApiGenerator(**self.kwargs)._construct_http_api()
 
+    def test_auth_intrinsic_default_auth(self):
+        self.kwargs["auth"] = self.authorizers
+        self.kwargs["auth"]["DefaultAuthorizer"] = {"Ref": "SomeValue"}
+        self.kwargs["definition_body"] = OpenApiEditor.gen_skeleton()
+        with pytest.raises(InvalidResourceException):
+            HttpApiGenerator(**self.kwargs)._construct_http_api()
+
+    def test_auth_novalue_default_does_not_raise(self):
+        self.kwargs["auth"] = self.authorizers
+        self.kwargs["auth"]["DefaultAuthorizer"] = {"Ref": "AWS::NoValue"}
+        self.kwargs["definition_body"] = OpenApiEditor.gen_skeleton()
+        HttpApiGenerator(**self.kwargs)._construct_http_api()
+
     def test_def_uri_invalid_dict(self):
         self.kwargs["auth"] = None
         self.kwargs["definition_body"] = None
